 Andy dwi'n rhoi gydag'r awglaeth na nhw'n mynd o gydwch chi ar y'r newid yma, a gein ni'n mynd o syniadau rhoi'r ystafell ar hyd o beth ychydig chi'n ei wneud. Pwy ychydig i'r gael, mae hi'n ddозenwaith bod threeo fae fan o phirfer o ddegiwyddu, sinolwyddu, ddegiwyddu, ffogolwyddu, o blaenu mewn ysgolwyddu, a maen nhw ein i'ch gweithio i'r ddechrau'n roddfawr. Mae'r ddylch yn dweud i'r ffodol o'r cyflawn o sefydlu a'r ddylch yn ei ddiwethaf. Mae'r ddweud yn y llwyddiad. Mae'n ddweud bod yna'r ddiwethaf o'r oedd yng Nghymru yn ddiwethaf. Felly, rwy'n dweud i'r ddylch yn y ddechrau a'r ddysgfaith, rwy'n ddweud i'r ddylch yn ddysgfaith, ac rwy'n ddweud i'r dd communi. Mae'n ddweud i'r ddweud i'r ddweud i'r cyflawn. Maen nhw'n cyfan wahanol? How many of you believe that working in the civil service is exciting? Please raise your hand. That's the lowest show of hands we've had so far. So probably about 10%. Well I'm sorry to inform you but you are wrong. And I know you're wrong. And I know it for a fact. Because we are very fortunate we now have a canonical source of truth. And that source of truth is Twitter. Twitter says it is exciting. It is. I work in the Government Digital Service. It is very exciting. I guess the other theme for the day was in with the new. To start off, I am going to talk about the old, because the old is actually quite important. If you are looking at the big transformations that we are trying to make in introducing the new, you have to start unpicking what the old was about. ac yn fan hyn yn perifodol, mae'n gynnwys ychydig yn rhoi ddyn nhw'r gwybod yma. Felly mae'r gwybod yma, felly mae'r gwybod dyma, y bywod eich model yma yn cyfanyddio o gweld. Mul tyur o'r heb löredu gwag, a y mil tyur o'r gwybod a'r gwybod ac describe o'r gwybod o'r gwybod mewn mae'r eivawr yn gwybod yma. Mae'r gwybod, oherwydd mae'r gwybod, oherwydd mae'r oligopoli, eithaf ddig shefyddi, mae'r gw带ol yn gwybod yn ni. Mae'r gwybod, Dyn ni'n golygu'r cyfrannol mewn gwir, yw Francis Mord, yw'r Minister for the Cabinet Office, ac yw'r cyfrannol sydd yn ei fawr yn gwybod, gyfrannol cyfrannol i'r grwp yn ysgrifennu cyfeirwyr, sy'n gwybod digital. Mae'n fawr o'r pethau gwir o'r cyfrannol i gyfrannol yn gwybod. Dwi gweithio'r pethau, mae'n gwybod. Mae'r pethau gwir o'r cyfrannol o'r cyfrannol sy'n cyfrannol o'r cyfrannol. y dyfodol, y dyfodol y cystafol a dyfodol y pryd. If you think about it, what government departments typically had done was to outsource most of their IT to one or more large suppliers who effectively would do the IT, because IT historically was treated as being not particularly important. I think one of the reasons for this, trying to figure out why this happened I have to own up. I used to work for a large systems integrator, and I did quite a lot of work with them on their outsourcing cost models, so I kind of understand some of the thinking that was on the supply side around this. I think part of it was probably driven towards the late 90s, early 2000s, by this concept of what's core and what's non-core. This kind of strategic view that said actually if you focus on what's core in your organisation, you should then just outsource everything that's non-core. I.T. was viewed as non-core. Now, it's great. I used to do component business modelling going to a client, show them what was core and what was non-core. I.T., interestingly, was always non-core and something they should outsource to the company that I worked for. It's kind of interesting. If you think about it, if you think about the decisions that organisations make, what happens if you get this wrong? I kind of like to think back to a time when Nokia, as a company, they had a small division that was saying actually we think we should do mobile phones, and just think what would have happened if the organisation said that's not core to our businesses, is it really? We'll just concentrate on what we do. What would have happened to Nokia then? This kind of very simplistic view that actually I.T. is not core to an organisation, I don't think really holds much water in the 21st century. Actually, if you start to break down what is I.T., what is technology, we're starting to look at in terms of this quadrant here, because you can't just bundle everything up and give it to somebody else to manage their problem. There are different tensions driving the different elements of what we do in technology. Effectively, we've kind of got things like digital public services and mission I.T. systems. A digital public services would be the kinds of things that we see online, renewing your tax disc is one of the services with the most take up. Mission I.T. system, so if you're a Department for Work and Pensions, that's a benefit system. If you're a HMRC, that's a revenue collection system, a tax collection system. These are the things which are really important. They're quite unique to your industry. You can't just go out and say, well, I'll have a tax collection system. There's a hundred different versions of them out there. I'll just choose one that works best for me. They really are quite unique. What you need to do in these areas is actually really focus on developing and building things which meet your customer needs, meet the needs of the people who are actually using these services. In contrast, the things below the line are actually tending much more towards commodity. It's fairly straightforward when you think about desktops or hosting or networks. These are not things which you need to build a special for government. We don't have special government electricity or special government water, so the concept that we would have special government networks or special government desktops doesn't seem to make much sense. This term, which is a reserved term in government of shared services, which what we mean is things like finance, human resources, procurement. Again, these are tending towards commodity things because what we care about is the cost per user. The key for these things here is that you should be able to swap them in and out regularly. They're based on the price. The price is what's really important. You have to structure these things so when they run on this infrastructure that they can actually swap out the infrastructure when you see a better offer and a better deal, which doesn't necessarily mean a long five-year contract for your hosting or a five-year contract for your desktops, it means using open standards so that when you need to swap to a different desktop provider or a different infrastructure provider, you can do quickly and easily and you can ensure that there is decent market competition in these spaces. This is some of the ways that we're now starting to think about this and trying to break up those big contracts into different smaller approaches. We're trying to disaggregate the big bundles of contracts into things which actually are very specific so instead of saying just provide all services, we're breaking out hosting desktops, networks and then the mission IT systems and what we're finding is that approximately 30% savings can occur just by unbundling those big contracts. To tie it all together, you really need open standards. It doesn't work if you are delivering things which are very tightly controlled, they're very tightly locked down. If, as the case in many government organisations, the applications that you use are based on specific versions of operating systems, specific versions of Java, which only work in a special government desktop which has lots and lots of security layers built on top of it to make sure that only that supplier understands how that works. If you're in that situation, it's very hard for you to switch into a different supplier. Andy very kindly talked about some of Tim O'Reilly's comments. Last year we published our open standards approach and we got some very nice comments as well from some very neat publications. The effects of this sort of unbundling starting to look at what the specific needs are for the specific areas IT is starting to be felt. We just recently had a report from the National Audit Office looking at the savings that we're making through our IT initiatives. Usually for government it actually said that we were making the savings that we promised. This year we think that soon to be published, but we think we're heading north of 400 million in terms of savings over the years. These are in-year savings that are not spread out over a number of years. This is a great time to be a supplier I think because when I look at those multi-year enterprise deals, I just tried to pull together from what we've publicly got out there what the timeline is and what the time scales are for when these deals come to an end. You can kind of see in 2014, 2015, a lot of these big deals come to an end. That kind of graph, that line of how things are happening really says to me that there's an awful lot of opportunity there. When we talk about things like G-Cloud and we've had a reasonable amount of uptake, but it's very, very early days, you start to see that as these big deals come to an end and as departments and organisations are looking to have a much more diverse supply base, that there is an awful lot of opportunity there for spend to be channeled in different ways to a much more diverse set of suppliers. This is the kind of stuff that we're doing to unpick the old to make way for the new. You start to do this, you change the consensus, but nobody really believes it unless you're actually building new things as well. This is where we start to look at what is 21st Century Government about anyway. I'm not sure I really have all the answers, but I think it probably involves some things like these. I think it involves things like Gov.UK. The interesting thing for me, apart from the fact that it's the tagline here of simpler, clearer and faster, is that it's built using a platform approach. What we decided to do with Gov.UK was not to just go out and choose a content management system which we will implement and then just push all content onto it. We built a platform approach which then allows Government Digital Services and Departments to build products on it which meet user needs. There might be products which enable us to engage better with citizens, might be products which enable us to ensure that democracy works, might be products that allow people to engage with the rights to do things. I think one of the key things when you look at 21st Century Government, without trying to get very philosophical about this, but look at where power is held and access to the ability to do stuff. If you make it hard for people to do stuff, then your centralising power, what you want to be doing is making it easier for people to do the things that they need to do. I guess I had to touch on analytics at some point. This is the sneak view of the iPad app which was built for the Prime Minister. This is the kind of thing you need to use when you are running a country. It's certainly not just about GDS being a cool place to work and doing lots of wonderful things. It is, it does, but most of those things are done together with people in departments. People are actually trying to do a lot of the hard yards, changing delivery approaches, changing the organisations, changing the services that they provide to users. A key part of our digital strategy was not just to provide Gov.uk. That's done. The next step is around looking at the big services, the services that citizens most and businesses most often require from government and transforming them so that they are digital by default. As you can see, this is not a hipster London centric thing. We are doing this all over the country. We just had a presentation yesterday from the guys in Student Loans Company about a lot of the changes they are making to the way that people apply for student funding and they are getting some really great differences in terms of customer satisfaction by fixing some of their broken transactions. This is happening all over the country. In government departments all over the place there are digital teams being created to try and change the way that these services are delivered. There are people called digital leaders being put in place who work at board level, who give those organisations the accountability and the ability to go away and deliver great things. How do you do it? You do it with multidisciplinary teams. Maybe people who don't look like traditional civil servants. I'm not sure what a traditional civil servant is anymore. When you look around the place, people do look very different. The job roles that they have, they are kind of different things. They might be called developers, they might be called designers. Design is a really important part about making it a digital service that really works. We have this concept of a service manager, somebody who is accountable for that service. This is a really hard change for some departments to get their heads around it. It's not just about building a product and putting it live. You have to have somebody who is fundamentally accountable for the maintenance, the improvement, the management of that service moving forward. Of course we do have the normal kind of civil service type roles around policy and communications whose role quite often actually is to protect the people who are building things from some of the governance and some of the mechanics that the civil service can impose. How do we do this? This is something which is really, really simple to say. It's deceptively simple. Start with the user need. By user need we mean those people out there, the real people who actually use the services. We don't mean the management teams within departments. The reason why this is deceptively simple is because this actually starts to, user needs trump all the other needs that the organisation might come up with. This actually gets you into some really deep and difficult discussions with how you organise the services that you deliver. We do face some challenges because we can't build websites with tools designed for building bridges. If you look in most organisations that the governance approaches that people have to put up with don't lend themselves naturally to the kinds of digital services that we're looking to create. The traditional way, I spent quite a lot of my time in the Department for Work and Pensions and the traditional way that we would do things, we would figure out that there was a need for something. We'd have some very, very bright people focusing on making the policy around what we need to do. Then it would come to people in the IT organisation and we'd say, we don't know what to build because we don't have your requirements. Please can you go away and write down your requirements in lots of detail so that we don't get it wrong because we know that sometimes government has got it wrong in the past. One way to protect ourselves against this is if we make you write it down in big documents. When you've spent six months documenting your requirements to the nth degree because you don't want to miss anything because you know what IT is like, they'll never deliver it if you don't get it in the first instance, then we'll go out and procure. Again, that will be a very elongated process which may take somewhere between one and two years. Once we've done all that, we'll finally get a supplier in, they'll start developing and then maybe two and a half years down the track we'll deliver something, push it out there and see what the users think of it. Interestingly, quite a lot of the time, what did the users think of it? Well, the answer was not much. We haven't got a great track record in delivering great services. The way we're trying to do things is actually through spending a bit more time up front doing discovery work, actually figuring out what is it that we're trying to do, what are the needs that we're trying to meet. Then we'll very quickly produce an alpha, somebody can see and touch and say is this meeting the user need and we will test it with real users to find out what they think of it and if we're successful then we'll move on to a beta. At the end of the alpha stage we may just throw it away, start again with something else because we found through testing that it doesn't work and we'll continue this iterative approach until we finally decide that a service is live. The difference can be quite stark. It's not just about the speed to development but it's also about the cost and effort for all parties, not just for government but also for suppliers involved in making these new services. For example, we will quite easily spend £6m creating these wonderful documents that we can then hand over to somebody and say go build that please or we could actually work with users, work with development teams and produce something which we think is along the lines of what we might want to produce. I guess the other key point about government in the 21st century is just being open about what we're doing and open about the way that we approach things. This I think is a really interesting approach, our performance platform. I'm kind of smiling because I kind of know of some sneak things which are coming in the future which I think are really exciting but I can't talk about. But what this is about is we just defined that for digital services there are four key indicators and then we measured them for all the digital services that are out there and then we published that data and what that means is not only is it useful for us and for service managers within government to understand how does their service perform but also means that the public can hold us to account. So you can see for example the cost per transaction of the services that we offer and you see massive, massive differences for things which you might expect to be fairly similar services. We're also publishing things like the digital take-up of those services. Approximately 80% of the people are online and happy to conduct commercial transactions online. Why is the take-up of government digital services? Why does it vary between 20% and 50% to 60% in the good cases? Understanding what that take-up is, measuring it and understanding what we need to change to make our services so good that people want to use them. The other thing, I don't know if people have seen this but it was published in April, the 16th I think is our approach to how we actually go about building services. This is the service design manual. All digital services from 2014 will have to meet I think all the service standard. It's a set of rules, includes things like before you go live your minister must have been able to complete a transaction on your service, neat things like that. But it also contains a lot of guidance about not just this is the rule but here's how we go about building things that allow you to meet that rule. It's a really good resource. There's more coming very shortly. A lot of stuff which also looks from an IT perspective. How do you change things so that you can actually enable these digital services to be made? Figuring out what we do, my team lead the open standards approach for government and one of the things that we're very clear about with open standards that would be a really stupid thing to do would be if we just sat in a smoke filled darkened room sorry, whatever that phrase is and decided what standards we should implement and then just issued some decrees and forced everybody to use them. That's probably a recipe for disaster. So what we're doing is being very open about the business problems that we're trying to solve and encouraging people to come and actually tell us what they think the standards should be. So I mean it's got some... This is open please if you've got some views and standards do contribute we're really looking for people to contribute and it's got some really important things in there. So I think one of the first things that we will cover is this thing which is a really boring name, multi-agency incident transfer for something very, very important which is when emergencies happen and how do the emergency services communicate to each other by means other than phones and fax which unfortunately does happen sometimes today. So that's really important for us. It's not just about standard, it's also about when government builds things let's publish what we build and let's make it open source let other people use it. So this is gov.uk, a lot of the workings of that are published on GitHub we do know that other governments are taking the code that we've produced I think Honolulu was one of them which is reusing UK government code which is fantastic. I don't think anybody so far blagged a trip to go and help them to do it which I'm sure everybody's desperate to do but I guess the thing is when you are doing things which are specific for your industry then actually being able to share that across organisations is really, really important. We're looking at some of the things that for example Lestonia have done is a data integration across places and that might be something that we want to borrow within the UK so actually doing things in an open source way does allow us to get things done a lot quicker. So we can get better for Lest, we can bring in the new as long as we build it on open standards and open source and not closed systems as long as we're religious about building services based on user needs that's what we're up to. Told it was quite exciting, that's it. Having said that we now do have time for questions so any questions for David? One down here, just wait for the mic because we're live streaming so we need the audience to hear it. You're building a system which almost every government in the world should be copying. How much value in what you're doing is in fact how much compatibility is there between a UK system and other countries' system? It's a good question and we pretty much I would say every week do you have visitors from other countries who are looking to understand what we've done. I think as with anything it's not the case that you should just take what we've done and stick it on some server and run it but I think if you look at the needs of governments across countries then actually a lot of them are very similar so if you look certainly within Europe because a lot of the things that we do are tied to European rules then there is a lot of similarity between the requirements that you might have so if you look at export handling and things like that then it's driven by European Union rules so there is an awful lot of commonality there. I think what we are trying to do is forge partnerships with those countries who are doing things which we find interesting so it's not just countries coming here but also us learning from other countries. I mentioned Estonia, they have this thing called X Road which is how they share information between government organisations and for the citizens and government organisations and they have some laws which basically mean that you can't duplicate information that another government organisation already holds and this is incredibly powerful when you think about it. When you look at your online transactions with government how many times are you asked for the information which you know you've already told another part of government somewhere. Now they've passed laws that make that effectively illegal to ask for that information. They've passed laws that ensure that any government organisation that holds information makes it available for other organisations to use and they've built an infrastructure which allows that to happen really quite simply and cheaply. So there are an awful lot of commonalities within, it's an industry thing so there are lots of commonalities within the government industry across countries. So it's a bit vague answer but I'd say lots but a lot of untapped potential I think. OK, sorry, this is... I mean you've outlined a vision of a world where everything comes online. Tim, sorry, could I just ask questions to introduce them? Sorry, Tim Simpson, I'm a trustee of Edgyser. How do you see the challenge of getting everybody online? I mean it's well known there's 20-30% of people who are resolutely resisting. How do we handle that? Yeah, I mean it's quite a hot topic at the moment and we have published papers around our view on digital inclusion. I think you kind of have to differentiate between those who don't want to go online and those who can't go online. I think you have to understand what you drive it by the user need. What's the best way to help people who can't get online access the services that they need? And there will be a variety of ways of doing that. I think one of the obvious answers is that it probably feels like it's quite a local solution to local problems depending on the situation that somebody is in. If it's that the connectivity is so appalling because you're living in a rural area and so practically you would like to be online but you can't be. Then there are approaches that you might want to take around centralising some services or delivering services, a number of services from a certain place. If you can't get online then I think you have the question of agency to look at. Is it because you actually would like to empower somebody else to operate online on your behalf? You might have a carer who can do that on your behalf and you're happy to do that. Or it might be that actually online is just not an option. You still want to be able to do things but you need to speak to somebody face to face so it's specific. The question there is how do you construct a service delivery mode which allows you to give those people who need face to face interaction the face to face interaction they need without duplicating that across multiple organisations in government. I don't think there's any silver bullet to this. I think it really is just driving it through user needs understanding the different categories of user need and developing approaches which will match those. Hi, Sam Cox, Age Department for Work and Pensions and Accessibility Assurance variety. Just a question, yes it is digital by default but I've been to quite a few conferences now of people that don't work in government departments that are saying it's only digital and that is a serious concern but is that the message that we want to put out to try and reinforce that we want everybody to go down that line but really my concern is that we're saying that that's all it will be and that's not the right message I would have thought to put out for our disabled citizens. I think the clear answer is, hopefully it's clear, no that's not the message, it's not only digital it's digital by default. We do know that the majority of people are online and able to transact online so we should be building services which meet their needs but where you either won't or can't then we need to be providing the appropriate services for those individuals so it's definitely not only digital. Hi David, Fraser Miles, M-O-D, hopefully you'll recall my programme that I'm currently involved in. I certainly can, with respect to my own programme identify a number of products out there which I'd love to be able to just go and do the alpha and beta models and then implement as your diagram suggested but I still feel heavily constrained by the current routes to procurement that I feel are imposed on me through the M-O-D and also then through the Cabinet Office and what are you doing then in order to try and facilitate the preferred model that you've demonstrated rather than the more traditional and elongated routes to procurement. So there's this wonderful resource which is not a lot of people seem to know about it which is a whole set of guidance around lean procurement and in working with government departments if you Google Lean Procurement Cabinet Office I think it takes you straight to the site but there's a whole set of things there around how you run lean procurements, how you engage, do informal meetings with the market prior to launching a pin-in or an old you and it's actually seems to me to be the de facto answer to a lot of the issues that we face but I think not very many people seem to know about it so I think that's one thing to check. I think the other thing is making sure that obviously we've got the public service network frameworks we've got things like G-Cloud at the moment we're looking at what's the next stage of development for G-Cloud I mean it operates reasonably well but it's very early days so far and I think the question is how do you create that vibrant marketplace which doesn't involve lots of hurdles for suppliers in order to enter that marketplace but at the same time actually meets the needs of what departments are buying so I think one of the things that we haven't done very well so far is be really clear about what it is that departments are looking to buy and I think the more clear we can be about these are the kind of standard items that departments want to buy I think that will help the supply side actually understand what they need to offer in order to meet those needs and at the moment we've kind of just more or less allowed suppliers to offer their wares and government departments having to say well actually what I want is not quite that it's something like this so it's a bit of it and I still think remember in G-Cloud is only a year old it's still very early days and I think as we kind of take the approach of sorry to be boring about it but look at the user needs now we've actually got some users using it and we can figure out both from supply side and from the buy side where it doesn't meet those user needs Philip French also an old yourself trustee David you spoke very compellingly about the work that government digital has done and it shows in the quality of some of those digital public services already delivered I wondered how you felt the same principles and approach could apply into the top left segment of your diagram the line of business major transactional heavy lifting systems no it's been occupying my mind quite a lot recently so I showed you the service design manual which has a lot of the principles that you need to have in order to create a really compelling digital service and we actually started to look at that producing similar set of guidance for you know how you do the mission IT systems and you know some of my team kind of went away and wrote lots of stuff and then when we actually looked at what was in the service design manual we realised we're just replicating an awful lot of that stuff it's actually a lot of the approaches are very very similar and I think the challenge in that mission IT world is really to to some extent I think we've been in a product mindset I think it's been very common for organisations to do that logical view of what does the organisation do where we deal with customers therefore we must have a customer relationship management system we deal with cases of things therefore we must have at least one or more case management systems and kind of looking at that jumping straight to see what's the product that we should buy that meets those needs I think kind of you know by taking that sort of you know discovery alpha beta role you may end up still buying some products but I think you'll buy a lot fewer products than we would otherwise do because I think we'll understand that actually we don't necessarily need you know an expensive business rule system or an expensive case management system we only need a little bit of functionality from one and actually we can find that another way so I think you know there are some of those some of the principles in terms of how we do it will drive you know a change there but I think it also takes a change in the way that architects view you know how you break down the needs that the businesses come to you with okay we've got a question down the front from Twitter sorry to make a new run Matt hi two questions two questions from Matthew Squires on Twitter the first one is David would you give your views on static education i online text versus interactive so e-learning at webinars oh I think I have so little expertise in that area it would be kind of pointless I did very early in my career work in the learning side of IBM where we were pushing people towards e-learning and doing online test but you know honestly that was 15 years ago so I'm so out of touch okay and the second one also from Matthew Squires what the four measures for each IT service that you mentioned earlier so the KPIs this is the test isn't it because I bet I can remember three and then struggle for the fourth so the KPIs were digital take up so what percentage of people are taking up your transaction cost per transaction completion rate so how many people who start your service actually complete it and the fourth one is what's the user satisfaction so how satisfied are people with your users so you Google performance framework performance platform to GDS then you'll find those things and also you'll start to see some of the reporting from departments against those measures and David do you have examples where though making those metrics public has resulted in changes to the way services are delivered or is it too early days for that to be happening I think it's I think they they are currently helping and what they're helping at the moment I mean I'm not sure that making them public is necessarily the driver because I think you know there is a recognition for organisations who are producing those services that these are helpful metrics to drive the changes that you need so you know I wouldn't want to to kind of you don't put all the credit on the fact that you publish it you know I think you know one of the examples I referred to earlier they were well aware of some of the metrics that they had around you know completion of of applications online so you know for example they told us that you know for every application that somebody completes online they usually have four and a half you know an average four and a half calls to a call centre in order to complete that application for funding so I think you know kind of what it does is help people to understand what are the you know boys and focus on what the key things are for their organisation and it also sets a benchmark that they can use but I don't think the you know we know that there are outliers right now I mean if you look at the figures you'll see some very obvious outliers there but I think they are so far in the outlying space that everybody kind of recognised already that they were there but I think as we move forward and get more mature in the space it will provide us with some interesting cross government measures any final questions for David just one down the front here Councillor David Camp in Royal Barricades in Chelsea you haven't mentioned I know there's a lot of things you could mention but data security is one of the most important things there is and I'm afraid the track record of breaking into systems and data getting lost is so significant that I think a lot of people just do not want their information held in IT at the moment what are your what are your processes you're putting to deal with the situation my understanding is there is no such thing as a perfect IT system that can't be broken into it and I think Everton suggests this agreed but you know it's almost so I was having this conversation with my wife last night she was asked to send a copy of her passport to somebody and we were having the debate around was it more or less secure for her to photocopy it and post it or photocopy it and scan it or to send it as an attachment in an email and you know we kind of came to the conclusion that actually it doesn't really matter which thing you choose you're running a risk when you're dealing with data so I think you know one of the key things that were you know we've been working with people in CSG around security policy is kind of understanding the real risks to information so I think historically because of you know some very well documented data losses departments have put in place lots and lots of procedures to prevent people from doing things and what usually happens you know what that has driven is actually people go around the systems and therefore are even more insecure than they would be if you actually put sensible things in place so you know one of the the approach that we took when we developed some guidance around how you need to secure desktops you know operating PCs we developed that jointly with CSG and they were really helpful for us in terms of you know unpicking a lot of the things which departments do by tradition because they think they're minimizing risk and actually saying no you know using modern systems these are the set of things that you do and this is good enough you know similarly we work with to look at some of the myths around use of open source technologies in this space so I guess what's the way to describe it I guess we're using CSG as to some extent the Sinatra test for us which means that you know if you can make it there you can make it anywhere with them so when they support it if CSG support it that's probably good enough so but you know you can't get to a zero risk system well I almost think you know we deliberately didn't talk about BYOD in our desktop guidance because I think BYOD tends not to be the issue I think it's an issue which is creating a lot of noise and heat but actually the really interesting thing is who's accessing your information and what's the level of trust you have of the endpoint that they're accessing it from and that's really the interesting problems and you can address things by lots of different ways but being sure about those things I think you know if you're working on the assumption that actually you don't trust the endpoint then actually you probably won't trust them enough to share very much information with it but there will be certain categories of things which are perfectly fine to do so I think you know that and at that point I don't really care who owns the device is the level of trust I have with the endpoint that I care about okay I think what we'll do now is break for coffee can we just say thank you very much again to David